“Companies are forced to fight attackers on multiple geographic fronts, but the complexities of
the internet cloud and a patchwork quilt of data privacy laws means a prompt response is often
difficult,” said Berman.

Cyber incident
response plans must take into account any potential restrictions to access, but providers are
rarely set up to support a victim's needs to obtain forensic images of their own servers.

“We regularly deal with incidents where data is scattered across servers in multiple physical
locations or even on servers that may house other companies' data. This makes forensic response
complicated, slow or, in some cases, impossible,” said Berman.

Investigations slowed by data privacy regulations

A former US Department of Justice prosecutor, Berman has led cyber crime investigations into
hacking, corruption, corporate espionage, intellectual property theft, fraud and employee
misconduct, on behalf private and public sector organisations.

“In Europe, the process of forensically preserving and analysing the computers an attacker has
compromised can run into road blocks rooted in EU data privacy
frameworks. These provide strong protection against businesses examining employees' personal
data,” said Berman.

Country-specific legislation adds a further layer of complexity. “Germany’s workers' councils,
for example, have the ability to protect workers from a range of corporate inquiries into their
data,” he said.

According to Berman, such restrictions complicate the ability to react swiftly to a cyber
attack, given that one of the key methodologies attackers use is the delivery of malware-loaded
emails to targeted corporate employees.

A spear phishing
attack would commonly require a deep inspection of the affected employees' email folders and,
sometimes, their entire computers. In many countries, that process could be slowed or impeded,
depending on the response by the company, employees and/or labour councils.

Mandatory reporting of data breaches

“With mandatory data breach notification, the US now has an interlocking response system, with a
shared sense of urgency and the backing of corporate executives, outside counsel and incident
responders,” he said.

The European Union is currently considering the introduction of mandatory data breach reporting,
which may force organisations to report data breaches within hours of a breach.

“A shared sense of urgency across multiple continents may help companies overcome the hurdles
that are often the inadvertent consequence of privacy laws. The challenge will be to strike a
balance between privacy and a need to facilitate a rapid and coordinated incident response across
multiple jurisdictions,” said Berman.

Contracts need more transparency to improve risk management, according to the Gartner analysts,
as SaaS contracts often have ambiguous terms regarding data confidentiality, data integrity and
recovery after a data breach.

This leads to dissatisfaction among the users of cloud services and makes it difficult for
service providers to manage risk and defend their risk position to auditors and regulators, the
report said.

Email Alerts

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

It can be tempting to stray from the security roadmap security professionals have put in place when data breaches like the Sony and Anthem breaches are all over the news. But experts say it's crucial to stick to the security basics.

The Open Data Platform has arrived, but not all Hadoop vendors are on board. The initiative, aimed at boosting interoperability, formed a backdrop for discussion at the Strata + Hadoop World 2015 conference.